Commit f473aa09df675e69755797417afceb60c96e4d85
1 parent
6ff2528b
add permission check
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@1182 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
48 additions
and
26 deletions
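--- a/presentation/lookAndFeel/knowledgeTree/subscriptions/addSubscriptionBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/subscriptions/addSubscriptionBL.php
@@ -27,6 +27,19 @@ require_once("$default->fileSystemRoot/lib/subscriptions/SubscriptionManager.inc
 // page start
 // -------------------------------
 
+/**
+ * Checks if the user has read permission on the subscription content
+ *
+ * @param integer the id of the subscription content
+ * @param integer the subscription type
+ */
+function checkPermission($iExternalID, $iSubscriptionType) {
+ if ($iSubscriptionType == SubscriptionConstants::subscriptionType("FolderSubscription")) {
+ return Permission::userHasFolderReadPermission($iExternalID);
+ } else {
+ return Permission::userHasDocumentReadPermission($iExternalID);
+ }
+}
 // only if we have a valid session
 if (checkSession()) {
 
@@ -47,37 +60,46 @@ if (checkSession()) {
 $iExternalID = $fDocumentID;
 $iSubscriptionType = SubscriptionConstants::subscriptionType("DocumentSubscription");
 }
-
- if (!Subscription::exists($iUserID, $iExternalID, $iSubscriptionType)) {
- $oSubscription = new Subscription($iUserID, $iExternalID, $iSubscriptionType);
- // if we've confirmed the subscription
- if ($fConfirmed) {
- // add it
- if ($oSubscription->create()) {
- $default->log->info("addSubscriptionBL.php added subscription for userID=$iUserID, subType=$iSubscriptionType, id=$iExternalID");
- // redirect to viewFolder or viewDocument
- $default->log->info("redirecting to " . $oSubscription->getContentUrl());
-
- redirect($oSubscription->getContentUrl());
+
+ if (checkPermission($iExternalID, $iSubscriptionType)) {
+
+ if (!Subscription::exists($iUserID, $iExternalID, $iSubscriptionType)) {
+ $oSubscription = new Subscription($iUserID, $iExternalID, $iSubscriptionType);
+ // if we've confirmed the subscription
+ if ($fConfirmed) {
+ // add it
+ if ($oSubscription->create()) {
+ $default->log->info("addSubscriptionBL.php added subscription for userID=$iUserID, subType=$iSubscriptionType, id=$iExternalID");
+ // redirect to viewFolder or viewDocument
+ $default->log->info("redirecting to " . $oSubscription->getContentUrl());
+
+ redirect($oSubscription->getContentUrl());
+ } else {
+ // error creating subscription
+ $default->log->error("addSubscriptionBL.php error creating subscription for userID=$iUserID, subType=$iSubscriptionType, id=$iExternalID");
+ $oPatternCustom->setHtml(renderErrorPage("An error occurred while creating this subscription"));
+ }
 } else {
- // error creating subscription
- $default->log->error("addSubscriptionBL.php error creating subscription for userID=$iUserID, subType=$iSubscriptionType, id=$iExternalID");
- $oPatternCustom->setHtml(renderErrorPage("An error occurred while creating this subscription"));
+ // ask for confirmation
+ $oPatternCustom->setHtml(renderSubscriptionAddConfirmationPage($oSubscription));
 }
 } else {
- // ask for confirmation
- $oPatternCustom->setHtml(renderSubscriptionAddConfirmationPage($oSubscription));
+ // you're already subscribed
+ $oPatternCustom->setHtml(renderErrorPage("You are already subscribed to the " . ($fFolderID ? "folder '" . Folder::getFolderName($fFolderID) . "'" : "document '" . Document::getDocumentName($fDocumentID) . "'")));
 }
+
+ require_once("../../../webpageTemplate.inc");
+ $main->setCentralPayload($oPatternCustom);
+ $main->setFormAction($_SERVER["PHP_SELF"]);
+ $main->render();
+
 } else {
- // you're already subscribed
- $oPatternCustom->setHtml(renderErrorPage("You are already subscribed to the " . ($fFolderID ? "folder '" . Folder::getFolderName($fFolderID) . "'" : "document '" . Document::getDocumentName($fDocumentID) . "'")));
- }
-
- require_once("../../../webpageTemplate.inc");
- $main->setCentralPayload($oPatternCustom);
- $main->setFormAction($_SERVER["PHP_SELF"]);
- $main->render();
-
+ // no permission
+ $oPatternCustom->setHtml(renderErrorPage("You don't have permission to subscribe to this folder or document"));
+ require_once("../../../webpageTemplate.inc");
+ $main->setCentralPayload($oPatternCustom);
+ $main->render();
+ }
 } else {
 // neither document or folder chosen
 $oPatternCustom->setHtml(renderErrorPage("You haven't chosen a folder or a document to subscribe to"));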
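Review bot: The new no-permission branch (new lines 97–101) renders the error page without writing anything to the log, so a user requesting subscriptions on folder or document ids they cannot read leaves no audit trail, while the create path logs both success and failure. Add a line before the `setHtml` call, for example `$default->log->error("addSubscriptionBL.php permission denied for userID=$iUserID, subType=$iSubscriptionType, id=$iExternalID");`. Separately, `checkPermission()` in the first hunk routes every type that is not `FolderSubscription` to the document check; that matches the two types assigned in this script, but a comment stating the assumption would keep a later third type from silently inheriting document permissions. The enclosing `if (checkSession())` block starts and ends outside the shown hunks.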